Hackers Archives - Page 2 of 7

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Middle East Countries Targeted by World Cup Malware

Hackers, malware, Ophtek, Phishing, World Cuphackers, malware, Ophtek, phishing, World CupOphtek, LLC

Dec 2022

The World Cup has arrived and, as ever, it is creating headlines around the world, but it’s also creating numerous opportunities for hacking groups.

Fair play should be at the heart of everything taking place on the pitch during the World Cup, which is being held in Qatar, but matters off the pitch are slightly different. Threat actors thrive on a good opportunity and the popularity of the World Cup – over 3.5 billion people watched the last World Cup final in 2018 – makes it full of potential. And it’s an opportunity which hackers have taken advantage of, with a string of malware campaigns launched before the first ball is kicked.

While these attacks have, so far, mostly targeted countries in the Middle East, it’s likely these efforts will spread globally as the tournament progresses. Therefore, you need to understand the tactics that the hackers are following.

Football Phishing Attacks Hit the Middle East

Security researchers at Trellix have discovered, in the lead up to the World Cup, a significant increase in the number of phishing attacks hitting the Middle East. These phishing campaigns have been shown to be unashamedly cashing in on the interest in the World Cup, with many of the emails claiming to originate from either departments within FIFA or even from specific team managers.

The emails being delivered to unsuspecting victims are used to tempt the recipients into clicking links which, for example, promise to take them to payment pages for match tickets. However, the true destination of these links are malicious websites. As with most malicious websites, the potential for risk is very high, and the websites involved in this latest attack have been found to be housing malware such as Emotet, Qakbot, Remcos, Quad Agent and Formbook. All these malware strains have the potential to harvest data and gain remote access to infected PCs.

How To Defend Against the World Cup Malware

Whilst the malware at the heart of this campaign may not be the most dangerous ever seen, the fact remains that it is malware. And all malware should be considered a major problem for your IT infrastructure. Accordingly, protecting yourself against these phishing campaigns, and any others in the digital wild, is paramount for your cybersecurity. Therefore, make sure you adopt these tactics into your team:

Analyze every email: if an email sounds too good to be true, it’s likely it is. Say, for example, you receive an email from a manager of one of the World Cup teams, it’s unlikely they would be contacting you directly. Likewise, if you receive an email regarding payment for something you’ve never ordered – such as World Cup tickets – you should be equally suspicious.
Use an anti-malware suite: one of the best ways to protect your organization is by installing an anti-malware suite. This is a collection of tools which provides protection against malicious websites and emails by evaluating their risk level as well as monitoring network connections and installing a firewall.
Install all updates: you can maximize your security by ensuring that all software updates are installed and in place. Taking this crucial step will maximize the security of your IT infrastructure by protecting you against software vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The 5 Biggest IT Security Mistakes

attachments, Backup, Data Security, Hackers, Ophtek, Password Securityattachements, backup, Data Security, hackers, Ophtek, password securityOphtek, LLC

Aug 2022

Almost all cyber-attacks are due a common denominator: a mistake. We aren’t perfect, of course, but we can limit number of IT security mistakes we make.

Working on a PC is far from straightforward and, as a result, the sheer number of complex routines you must work through leaves plenty of room for mistakes. At the same time, all a hacker needs to take control of your system is a few milliseconds. Accordingly, even the smallest security mistake can leave your PC at the mercy of a hacker. However, by understanding what the most common, and usually simplest, IT security mistakes are, you can strengthen your IT defenses almost immediately.

Start Eliminating These Mistakes Today

If you want to make sure your IT infrastructure is safe from hackers, then you need to avoid these five IT security mistakes:

Not locking your screen: you may trust your work colleagues, but the fact remains that numerous people will enter your organization’s premises throughout the day. Some may be familiar, some may not. And that’s why it’s crucial you lock your screen. All you have to do is hit the Windows button and the L key; your screen will be locked with a password and the contents of your PC immediately protected.

Underestimating your value as a target: threat actors are malicious and, although they are certainly interested in big targets, they’re equally likely to target smaller organizations too. Additionally, many cyber-attacks are automated and don’t discriminate against who they attack. Therefore, never assume that your small business is of no concern to hackers. Remain vigilant and practice good IT security.

Passwords on Post-it notes: we all know that remembering passwords is difficult, but the biggest mistake you can make is by writing your password on a Post-it note. And then sticking it to your monitor. Sure, it’s convenient for you, but it’s also highly convenient for anyone looking to compromise your PC. Instead, create passwords you can easily remember, but are difficult for anyone else to crack.

Not backing up effectively: when it comes to IT, the range of backup options available in 2022 is plentiful. From on-site storage, to external cloud storage and even onto good old fashioned optical drives, there are numerous options. And it’s important that you use more than one backup option to protect your data, this will ensure it’s available when you need it. Remember: failing to maintain an effective backup process will seriously hurt your recovery time in the event of a cyber-attack.

Assuming email attachments are safe: ever since email became a mainstay of modern communications, it has carried a huge risk of delivering malware through email attachments. Most concerning of all, these infected attachments may be sent by email contacts you consider safe, it could even be your colleague sitting next to you. Threat actors can easily take control of a victim’s email address book and email malware under the guise of the victim’s email address. And that’s why you should evaluate every email you receive.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Sure-fire Ways to Know You’ve Been Hacked

Cyber Security, Encryption, Hackers, Hacking, Network, Ophtek, pop upsencryption, hacking, network, Ophtek, pop ups, security, vulnerabilityOphtek, LLC

May 2022

The aim of most hackers is to be discreet, but there’s almost always a tell-tale sign they’re at work. You just have to know what you’re looking for.

Damage limitation is an essential part of cyber-security and, accordingly, the sooner you realize you’ve been hacked, the sooner you can get to work on rectifying the issue. Establishing that you’ve been hacked, however, isn’t always straightforward. Hackers are well known for their stealthy attack strategies, and, in many cases, you’re unlikely to realize that you’ve been hacked. You may, instead, simply think that your network is experiencing technical problems, and that’s why you can’t access your files, or why your PCs performance has ground to a halt. But you also need to consider that you may have been hacked.

How Do You Know You’ve Been Hacked?

There are several clear giveaways that your organization’s digital defenses have been breached, and here are five of the most sure-fire ways to know you’ve been hacked:

Your Files are Encrypted: your day-to-day IT activity will likely center around the regular usage of files e.g. Word documents and Excel spreadsheets. But what happens when you can’t access these? Firstly, your organization’s productivity will plummet and, secondly, it could indicate that you’ve been the victim of ransomware. If your files are encrypted and a message is received demanding a ransom fee to decrypt them, then you’ve been hacked.
Unusual Network Activity: regular traffic patterns should be easily identifiable on your network logs, but anything unusual should be closely scrutinized. Modern hacking methods often find malware communicating with remote locations to transmit information or download further malware. Therefore, any unknown locations that are delivering or receiving data from your organization need to be investigated.
Persistent Pop-Ups: there’s nothing more irritating than a pop-up window when you’re trying to work on something. But when these are regularly popping up, when they shouldn’t be, there’s a good chance you’ve been hacked. Often, these pop-ups will try to convince you to perform an action, such as downloading an anti-malware app due to an infection on your PC. These, of course, are fake and are simply a devious strategy to get you to download further malware on to your PC.
People Ask You If You’ve Been Hacked: one of the most obvious signs that you’ve been hacked is when people start asking you if you’ve been hacked. And this is because malware often hijacks email accounts to help spread spam. As a result, people you know – who are listed in your email address book – will be receiving spam messages direct from your email account. Naturally, these unusual messages will ring alarm bells with the recipients, and they are likely to check in with you to confirm if your email account has been hacked.
Your Credentials are Available Online: hackers like to make money by harvesting valuable login credentials, these can then be sold to other hackers who want to breach security measures and gain quick, unauthorized access to private networks. Thankfully, applications such as Google’s Password Manager can warn you when these credentials turn up in password dumps, this is a good sign to immediately change all your passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Lenovo Laptops Shipped with New Malware Risk

BIOS Vulnerability, Hackers, Lenovo Laptop, OphtekBIOS Vulnerability, hackers, Lenovo Laptop, OpthekOphtek, LLC

Apr 2022

You’d like to think that brand new IT equipment is as malware resistant as possible. But, as Lenovo has discovered, this isn’t always the case.

In a highly embarrassing move for the company, Lenovo has had to issue an announcement that more than 100 of their laptop models are at risk of BIOS vulnerabilities. And remember, Lenovo ship a lot of computers; in the first quarter of 2022, Lenovo shipped 18.3 million units. Therefore, the impact of these vulnerabilities has the potential to be huge.

Sadly, it’s not the first time that Lenovo has found themselves in this situation. A number of rookie errors have been made in the past such as preloading laptops with spyware and the Lenovo rootkit fiasco. Some may argue that a company of this size will always have their mistakes magnified, but the risk posed by these mistakes is significant. Accordingly, it’s important to understand what this risk is and how you can protect yourself.

What is a BIOS Vulnerability?

Once you turn a PC on, the first program to run is BIOS (Basic Input/Output System); its primary use is to start your PC and facilitate the movement of data between an operating system and any devices attached to the system e.g. keyboard, mouse and hard drive. BIOS is a crucial element of getting your operating system up and running; without BIOS, your PC simply won’t work.

We now know what BIOS is, but what does a BIOS vulnerability consist of? Well, a vulnerability is any flaw or weakness in a piece of hardware or software which can give hackers a helping hand. So, for example, with BIOS, there could be an internal control which has been coded in a way that hackers can disable security controls e.g. bypassing security certificates in a piece of hardware. This makes vulnerabilities very dangerous, particularly when the only people aware of them are the hackers.

What Have Lenovo Shipped Their Laptops With?

In total, three vulnerabilities have been discovered on Lenovo’s affected laptops. Two relate to drivers which, despite only being necessary during the laptop manufacturing process, have not been deactivated before shipping. This has granted hackers the opportunity to exploit user privileges and take control of affected machines. The final vulnerability also gives hackers elevated user privileges but also includes local access to the machine.

How Can You Protect Your Lenovo Laptops?

To check if your Lenovo laptop is one of the affected models, you should immediately head to Lenovo’s security bulletin. This will list the full range of models at risk and, thankfully, links to a patched copy of the BIOS firmware. Installing this will render the vulnerabilities redundant and ensure your laptop is safe.

Final Thoughts

Designing a PC is complex and it’s almost impossible to eliminate every single problem. However, some problems have a higher capacity for disaster. While the type of vulnerability present in the affected laptops is rarely exploited in the wild, the potential for damage remains. As ever, security patches remain the best way forwards with vulnerabilities, so ensure these are always installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 … 7 Next »

Category Archives: Hackers